[messaging] Short Auth Strings
Adam Zimmerman
adam at digitalpirate.ca
Fri Jan 31 10:36:29 PST 2014
On 14-01-31 09:24 AM, Trevor Perrin wrote:
> - SAS are maybe useful for text chat, though I'm not sure how much
> they're used in OTR compared to fingerprints or PAKE (OTR is unusual
> in having all three options. Is there any data on which users
> prefer?)
OTR used to have something called a session id (IIRC), which was
essentially a long version of an SAS. I think they removed it around the
same time they started using the Socialist Millionaire Protocol to do
shared secret auth, for usability reasons.
Nowadays, OTR clients just use a simple fingerprint comparison as the
"barebones" type of authentication.
- Adam
More information about the Messaging
mailing list